Re: [Full-Disclosure] Is there a 0day vuln in this phisher's site?

2005-01-30 Thread Andrew Clover
something. (One could probably even spoof the entire toolbar area and SSL padlock.) I couldn't be bothered myself, but believed a dedicated phisherman might put the effort in. However, it would seem that actually they're pretty lazy too. -- Andrew Clover m

Re: [Full-Disclosure] Is there a 0day vuln in this phisher's site?

2005-01-30 Thread Andrew Clover
Popup windows to the windows work area. Evidently they reversed the fix for the final SP2 release. SP2 is safe from the issue where popups can appear over dialogs, but it seems it is still vulnerable to spoofing everything else. Great. -- Andrew Clover mailto:[EMAIL PROTECTED] h

Re: [Full-Disclosure] Firespoofing [Firefox 1.0]

2005-01-11 Thread Andrew Clover
t least as a default option setting. This would also fix the recently publicised problem with targeting other sites' pop-up windows for phishing. -- Andrew Clover mailto:[EMAIL PROTECTED] http://www.doxdesk.com/

Re: [Full-Disclosure] CSS in E-Mails possible E-Mail-Validity Check for Spammers?

2004-11-03 Thread Andrew Clover
e? - turn off HTML in E-Mails (not possible in Mozilla?) Should be possible - it is in Thunderbird (View->Message Body as->Plain Text) and I highly recommend doing so. -- Andrew Clover mailto:[EMAIL PROTECTED] http://www.doxdesk.com/

Re: [Full-Disclosure] Cool Web Search

2004-07-30 Thread Andrew Clover
monName/Comwiz and HuntBar/WinTools, and see how you get on. HijackThis is a brilliant tool. But it is not a panacea, and the worst of the crop are starting to code around the things it can do. -- Andrew Clover mailto:[EMAIL PROTECTED] http://www.doxdesk.com/

Re: [Full-Disclosure] Cool Web Search

2004-07-30 Thread Andrew Clover
printed a quote from a TV show and wiped your discs, you laughed at the funny gag and reinstalled, everyone was happy. (Well, ish.) Malware attaching its tentacles onto your machine to make a few dollars from advertising and spam is just so much more offensively sleazy. -- Andrew

Re: [Full-Disclosure] Cool Web Search

2004-07-30 Thread Andrew Clover
can do the trick, by stopping any of the software running, but I'm sure that'll be worked around too eventually. (Rootkit-like spyware?) -- Andrew Clover mailto:[EMAIL PROTECTED] http://www.doxdesk.com/

Re: [Full-Disclosure] COELACANTH: Phreak Phishing Expedition

2004-06-10 Thread Andrew Clover
, but still.) -- Andrew Clover mailto:[EMAIL PROTECTED] http://www.doxdesk.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] tvm.exe / poll each.exe / blehdefyreal toolbar

2004-06-09 Thread Andrew Clover
ted a reinstall may indeed be easier/safer. -- Andrew Clover mailto:[EMAIL PROTECTED] http://www.doxdesk.com/

Re: [Full-Disclosure] internet-explorer: bug or feature?

2004-03-31 Thread Andrew Clover
metimes they prove a security liability and very occasionally they get removed, but no-one seems to have thought of not including them in the first place. -- Andrew Clover mailto:[EMAIL PROTECTED] http://www.doxdesk.com/

Re: [Full-Disclosure] [Bogus] Microsoft AuthenticodeT webcam viewer plugin

2003-10-29 Thread Andrew Clover
s promote this with text claiming that Authenticode guarantees the code's safety. ObOriginalTopic: tl4000 has been around for about 4 months now AFAICR. By the same people as the original 'TIBS' dialler, but code is unrelated. Same aggressive installation tactics. -- Andrew Clover

Re: [Full-Disclosure] [Bogus] Microsoft AuthenticodeT webcam viewer plugin

2003-10-29 Thread Andrew Clover
he infamous Xupiter.
> That Authenticode has been "sold" (and worse, accepted by some) as anything
> else but a poor-man's excuse for "nothing much" is somewhere between really
> sad and criminal...
Quite agree. And of course half the pages that use ActiveX downlo

Re: [Full-Disclosure] [Bogus] Microsoft AuthenticodeT webcam viewer plugin

2003-10-29 Thread Andrew Clover
ns" too? See for yourself. www.ieplugin.com Given the ease of creating a misleading company name, and the unwillingness of CAs to police abuse of their certs, one can only conclude that the Authenticode process is 100% useless as a means of ensuring code is trustworthy

Re: [Full-Disclosure] Friendly and secure desktop operating system

2003-10-14 Thread Andrew Clover
; the system security interface). An attempt starting along these lines can be seen in Tiny Personal Firewall. Its interface isn't too great, it's not complete, and of course on a Windows platform there is nothing stopping a malicious process from subverting the protection, but it's an

Re: [Full-Disclosure] IE Changes / Software Patents

2003-10-08 Thread Andrew Clover
nly one > option I think this is deliberate. Faced with having to add a pointless legal contrivance, MS have made it as obviously stupid as possible. Perhaps this will encourage web authors to update. -- Andrew Clover mailto:[EMAIL PROTECTED] http://www.doxdesk.com/